Computer Science 110: Introduction to Cybersecurity
In which decade did the first known cybercrime occur?
1970s
You have just intercepted the following message from Caesar: L ORYH FOHRSDWUD. Can you guess what shift was used to encode the message?
3
What is a one-way function in cryptography?
A mathematical combination of keys that is easy to create, but difficult to und
What information should not be shared on a social media site?
A person's planned whereabouts for the evening
Which of the following would you NOT consider to be information?
A valuable wall painting
Which of these is NOT a reason that information is valuable?
Allows access to infrastructure
What would be an example of a violation of the principle of confidentiality?
An employee accessing a payroll database to find out how much others are paid
_____ is anything that can negatively affect information.
An information security threat.
_____ software is designed to protect computers and electronic devices connected to the Internet from cybercriminals.
Anti-malware
What is a cyber threat?
Any malicious act that attempts to gain access to a computer network without authorization
What are the four principles of information security?
Availability, Integrity, Confidentiality, Non-Repudiation
If a website requires you to log in with a password to change your address, this is an example of that website observing what principles of information security?
Availability, Integrity, and Confidentiality
Which type of social engineering attack might involve giving away USB drives with malware loaded on them?
Baiting
Which of the following was a major risk factor that allowed Bernie Madoff to commit history's biggest white collar crime?
Being part of an affinity group
A _____ attack is a cyber attack where the attacker tries guessing system access credentials like passwords by trying different character combinations until a correct combination is identified.
Brute force
How can you tell if an account on social media has been compromised?
Check Internet lists of compromised accounts
Which statement below is not one of the three categories of cybercrimes?
Computers are never used to commit cybercrimes.
If your employer could view your medical records without your permission, what principle of information security would be violated?
Confidentiality
In securing information and information systems, an organization can implement an SMS-based password authentication protocol in addition to the username/password combination requirement for system access. Which aspect of information security is addressed by the additional layer of security?
Confidentiality
What are the three principles of the information security CIA triad?
Confidentiality, Integrity, Availability
Which of these roles uses encryption to develop software and protocols that will protect an organization from cybercrimes?
Cryptologist
Which statement below defines what cybercrime is?
Cybercrime is defined as any type of criminal activity that involves a computer, a network or the Internet
The internet security threat where zombie computers are used to saturate a server with unsolicited requests is referred to as _____.
Denial-of-service
What are the guidelines called that were released by the Department of Defense in 2011?
Department of Defense Strategy of Operating in Cyberspace
Investigators of cybercrimes must possess objectivity, inquisitiveness and knowledge of _____
Digital security issues.
Who leaked information to WikiLeaks in 2013?
Edward Snowden
The latest password security standards call for at least how many characters in a password?
Eight
What is NOT an example of physical security?
Encrypting email messages
Which of the following social media threats/risks deals with celebrities?
Fake accounts
An information plan is a detailed account of the _____, _____, and _____ of information security at an organization.
Goals, Current State, Desired State
Which of the following is NOT a threat/risk associated with social media?
Hardware failure
Which of the following is an example of a white collar crime? I. Fraud II. Embezzlement III. Forgery
I, II, and III
Which of the following might be a victim of a white collar crime? I. Individuals II. Corporations III. Charities
I, II, and III
Which of the following is an example of a cybercrime?
Identity theft; Software piracy; Network intrusions; All of the responses are correct.
Which of the following is NOT a focus for information security?
Ignoring Threats
Piracy committed by technocriminals using satellite dish equipment involves which of the following?
Illegally accessing radio or television signals
_____ is the process of investigating and identifying the source, effects, and mitigation of any threat when it occurs.
Incident Response
_____ describes the rules used to implement and enforce an information security model.
Information security model governance
_____ refers to the process of making sure only those who are entitled to information can access it.
Information security.
The CIA model of information security contains what three principles?
Integrity, Confidentiality, and Availability
Information security threats can be _____.
Internal. External. Physical. All of these answers are correct.
What is the name of the department created by the FBI to fight cybercrime?
Internet Crime Complaint Center
How can the use of technology influence cybercrime?
It can be used to commit crimes directly or indirectly.
Which of the following people is at HIGHEST risk of being a victim of white collar crime?
Jack, a 90 year old man with dementia
On the staff of Kumquat Computing, Inc. - Jared's main task is to protect the confidentiality of a customer database that's kept on a LAN in the lobby and waiting rooms. Tyrone's main task is to protect the confidentiality of client files that are stored in the cloud. Which is true of Jared's and Tyrone's main tasks?
Jared is doing information security. Tyrone is doing both information security and cybersecurity
Which of the following best describes integrity as it relates to information security?
Keeping information from being lost or destroyed
Encrypt the following message using a Caesar cipher with a shift of 7: ET TU BRUTE
LA AB IYBAL
Victims of cybercrimes may suffer from all of these repercussions EXCEPT which?
Loss of personal attention.
Which of the following best describes availability as it relates to information security?
Making sure information can be accessed by those who need it and have authorization
What is malware?
Malicious software that is designed to damage a device or steal data
Which of these tasks is a security manager potentially responsible for?
Managing the technology stack
What does a security engineer as part of a cybersecurity team do?
Monitor security threats and respond to incidents.
How many times a year should you update your operating system and important software?
On a regular, consistent basis
The internet security threat referred to as 'pharming' can be described as _____.
Online fraud
What is the main idea behind the principle of availability in information security?
People who are authorized to view data can do so when they need access
What are hackers?
People who gain unauthorized access to networks for profit or to commit malicious acts by acquiring confidential personal information
What is the most common type of social engineering attack?
Phishing
Which of the following terms describes the practice of attempting to acquire sensitive information with deceptive emails?
Phishing.
Which of the following is NOT a type of cyber crime?
Phixing
Fire is an example of a _____ information security threat.
Physical.
Which of the following best describes confidentiality as it relates to information security?
Preventing unauthorized users from accessing information
_____ is the best defense against cyber crime.
Prevention
The _____ ensures that people only have access to the information they need to do their jobs.
Principle of least privilege
Information security is the umbrella term used to describe the collection of _____ and _____ employed to protect information.
Processes, Technologies
Which of the following is NOT described by an information security model?
Processing Power
Which of the following is NOT a section in an information security plan?
Proposal
Ransomware is a malicious program that can encrypt intercepted data. The attacker controlling the software can demand a ransom before allowing the data to be decrypted, rendering it useless until the price is paid. Which of the following is TRUE about ransomware?
Ransomware is a type of malware.
Information security must _____, and protect against, all threats.
Recognize.
Which of the following is NOT something you can do to reduce the risk of cyber crime on your system?
Rely solely on included system security software
Leading antivirus software not only detects viruses, but also:
Remove and protect against them in the future
To make sure that charges to your financial accounts are legitimate, it is best to:
Review your financial statements regularly.
In the digital world, precautionary steps taken to protect computing resources against cybercrime are called _____.
Security
Which of the following activities is not common with hacking?
Sharing personal information with another person
A phishing attack that incorporates personal information about the user is known as which of the following?
Spear phishing.
Which of the following is a characteristic of an information security model architecture?
Technologies used; Information location; Layout; All of these answers are correct.
What was the name of the cryptographic rotor machine used by the Germans in World War II?
The Enigma machine
Which of the answers is not a sign of a phishing email?
The email is a personal reply to an email that you sent.
Which of these was an example of a threat to the American economy?
The hacking of Sony Pictures
Which of the following is NOT determined by information security model governance?
The layout of the technologies
What is known about the profile of the common cybercriminal?
There is no single profile.
Cybercriminals tend to share some similar characteristics. Which of these could that be?
They have tech savvy.
Annabelle, the CEO of Kumquat Computing, Inc., emails her vice president, Roland, to discuss an upcoming merger. Evelyn intercepts the email and changes the content of the message, altering the proposed terms of the merger, before Roland sees it.
This describes a Man-in-the-Middle attack. Roland will probably NOT realize that the email was tampered with.
This role on a cybersecurity team is tasked with thinking like a hacker to help thwart cybercrimes before they happen.
Threat Intelligence Specialist
A _____ is anything that can negatively alter, disrupt, hide, or erase an object or objects of interest.
Threat.
What is the role of members of a business' cybersecurity team?
To protect an organization from digital crimes and threats.
What do state laws regarding cybercrime generally pertain to?
Trespass to a computer
What is the most common type of cyber threat?
Trojan
What is the 'key exchange' problem in modern information security?
Two parties need to privately share the secret encryption key before communicating.
Which of the following is NOT a characteristic of white collar crime?
Violence
Which type of social engineering method might involve a college website that has been targeted and hacked, leaving behind malicious code that will execute when the page is loaded?
Watering Hole
A phishing attack that uses a fraudulent website to capture sensitive information is known as what?
Website spoofing.
Which of the following is NOT a technology used by information security?
Your Honor, or Your Word
Bill is the new Chief Technology Officer at Z Corp. He plans to use _____ to prevent theft and protect the integrity of Z Corp's data.
anti virus software; system security monitors; biometric security; firewalls; All of these are correct.
When Angela buys a new smartphone that uses retina scanning instead of a password, the phone is using _____ security.
biometric
DNS cache poisoning does not affect _____.
computer system's logins
In a pharming attack, the goal of the criminal is to _____.
misdirect website traffic to bogus websites where the victim's information will be stolen
Requiring you to sign a contract uses the principle of _____ to secure the contract.
non-repudiation
Identity theft is a tactic used by cyber criminals for the purpose of gaining _____ information.
personal or sensitive
On a website that calls for you to enter your financial information the URL should include what letter after the http?
s
DNS cache poisoning changes _____.
the IP addresses of authentic websites to bogus websites and addresses while maintaining the domain names